Over 289,000 QNAP devices exposed to 0-day security flaw

February 20, 2024

TLDR:

  • QNAP released a security advisory for multiple vulnerabilities in their products.
  • A 0-day flaw was discovered in the quick.cgi component of QNAP QTS firmware, potentially affecting over 289,000 devices.

Last week, QNAP addressed vulnerabilities in its QTS, QuTS hero, and QuTScloud products with a severity rating of 5.8. However, over 289,000 devices were found to be vulnerable to a 0-day flaw. This vulnerability involves a command injection in the quick.cgi component of QNAP QTS firmware and allows threat actors to execute arbitrary commands on the device without authentication. The affected devices were mainly located in Germany, the USA, China, Italy, Japan, Taiwan, France, and other countries.

To mitigate this flaw, users are advised to test a specific URL in their browsers and update their operating systems to the recommended versions. If the device is still vulnerable, contacting QNAP technical support is recommended.
